Are you safe when you use the wireless network at your local coffee shop or airport? Maybe. Maybe not.
Are you accidentally sharing your files on your computer? Is your computer "trusting" connection attempts from the other computers at the hostspot?
Reader Sam Boggs wrote to ask:
To improve security when using Wi-Fi at a coffee shop or traveling, I’ve seen advice to uninstall "File and Printer Sharing for Microsoft Networks" on the active wireless connection in the Properties menu of Control Panel Network Connections. Is it necessary to do this – is there any downside to uninstalling this? Would it be sufficient to uncheck the box, or do I need to fully uninstall it?
I guess another way of asking this question is, What is the purpose of this Sharing feature? I’m reluctant to delete something I might need.
Also, do I need to do make this change every time I go to a new hotspot (or even to the same hotspot), or will once do it for all future Wi-Fi logins?
Well, Sam, that’s like using a cannon to kill a mosquito (assuming you actually could hit the mosquito). It will kill the mosquito, but it’s going to cause quite a bit of collateral damage.
In Windows 98, Me and Windows XP, "File and Printer Sharing for Microsoft Networks" is not turned on by default. You actually have to install it manually in order to share files or share printers across your home (or business) network. Of course, since any manufacturer can pre-configure Windows the way he wants, it _could_ come already installed on a computer.
Yes, if you uninstall File and Printer Sharing, that will prevent others at the coffee shop from being able to see and access the files on your notebook computer. Unfortunately, those are only a few of the TCP and UDP ports that could open your computer to access by others.
The damage? When you get home, you will have to reinstall File and Printer Sharing. You’ll also have to set it up all over again, including Sharing the individual folders on that computer and Sharing any printers you hook directly to that computer.
If you use Windows 98 or Windows Me, find your Windows OS CDROM first. They require the CD in order to reinstall and react very poorly if you try to interrupt the changes in the network settings. (Can you say "Windows won’t boot?" Been there; done that.)
Windows Vista, Windows 7 or Windows 8 don’t have to worry about installing File & Printer sharing, as it’s already installed by default. They still have potential issues, though (and should not try to uninstall file and printer sharing, just as 98 and XP users shouldn’t do that as a temporary security measwure.
The bad news is that many people with personal notebooks make three critical mistakes:
- they have not read (or have not followed) my Wireless Networking pages for wireless security tips
- they don’t have a third-party firewall program (Do Not Rely on the Windows Firewall!)
- they have not changed their default "workgroup" name
When setting up a home network, Windows offers a default "workgroup" name, and almost everyone uses it. So, when your workgroup name is the default ("MSHOME") and someone else in the coffee shop has the same workgroup name MSHOME — you’re now a Workgroup and can share files with each other!
If you’re using Windows 7, the default behavior is to have you set up a homegroup, which requires a homegroup password. However, if you choose instead to set up a network using workgroups (e.g., so you can share files across different versions of Windows), you could have the same issue.
You can use almost any of the third-party firewalls — just make sure you use a firewall that is "two-way" — the Windows XP firewall is not!
You should use almost any non-default Workgroup name for your home network — such as "SAMSAREA" — just to make it unlikely that anyone else uses that same Workgroup name.
And, you should use an IP range for your home network that is not the default. Why? Because, you’ll probably set the firewall to "Trust" anyone on your local network’s IP range. If you use the default IP range, and if you go to the coffee shop, you just told it to "Trust" any computer on that network, too!
Note that better firewall programs will actually pay attention to the MAC address of the wireless router also. Even if the IP address is the same as you normally use, the different MAC address will trigger the firewall program to recognize the network as a different network from your trusted home network.
You should expect your firewall program to ask if the network should be trusted (it should not!). Windows 7 will also ask for itself, to set its file and printer sharing functions, even if you’re using a firewall other than the Windows firewall.
What are the valid IP ranges you can use?
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255 and
192.168.0.0 - 192.168.255.255.
These IP addresses are "Reserved for Private Networks” — like yours.